88797c72d5e28a8cda838fccca084bc173f06ca757cf0209edcdfe6105d7d0c2

Sharing

Copy URL

Twitter E-mail

General

Target

88797c72d5e28a8cda838fccca084bc173f06ca757cf0209edcdfe6105d7d0c2
Size

661KB
MD5

007ac96f2afe9ad88b094c40ff236a00
SHA1

2407afd983cde233d5d1c53d80c4d640fb6d4509
SHA256

88797c72d5e28a8cda838fccca084bc173f06ca757cf0209edcdfe6105d7d0c2
SHA512

207f73ec7298bae370790ed072ca53d471b741cc82901f96b911eb8c0ccc1cd399f49af8368c775b533175e465e65e4f236fa848133a8c07878499137d3ae3a0
SSDEEP

12288:7PX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+Y:rE6Ehg7mM+M6RkMkIM7gE6Eh67

Score

N/A

Malware Config

Signatures

Files

88797c72d5e28a8cda838fccca084bc173f06ca757cf0209edcdfe6105d7d0c2
.exe windows x86

21ce449bac952d12788282110fbde738

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

CreateFileW
GetWindowsDirectoryW
TerminateProcess
DeleteCriticalSection
HeapSetInformation
SetErrorMode
InitializeCriticalSection
LoadLibraryW
GetVersionExW
GetProcAddress
GetModuleHandleW
IsWow64Process
GetCurrentProcess
RaiseException
LoadLibraryA
GetSystemDefaultLCID
GetUserDefaultLCID
GetFileTime
GetCommandLineW
LocalAlloc
ExpandEnvironmentStringsW
CreateProcessW
LocalFree
lstrlenW
SetDllDirectoryW
GetLastError
SetLastError
CloseHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
FreeLibrary
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
LoadResource
FindResourceExW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ReleaseMutex
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
VerifyVersionInfoW
GetCurrentDirectoryW
GetModuleFileNameW
VerSetConditionMask

user32

CharNextW
SendMessageTimeoutW
IsWindowVisible
IsWindowEnabled
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowExW
MessageBoxW
LoadStringW

msvcrt

??2@YAPAXI@Z
_onexit
_lock
__dllonexit
_unlock
_controlfp
?terminate@@YAXXZ
memcpy
??3@YAXPAX@Z
bsearch
_vsnwprintf
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
iswspace
memset
_wcsnicmp
_wcsicmp

ntdll

RtlUnwind

shlwapi

PathCombineW
UrlCanonicalizeW
ord462
PathIsURLW
SHGetValueW
SHSetValueW
SHRegGetValueW
ord437
ord154
PathRemoveFileSpecW
PathAppendW
PathQuoteSpacesW
UrlCreateFromPathW
UrlApplySchemeW
SHEnumValueW
StrStrW
PathFindFileNameW
ord158

shell32

CommandLineToArgvW
ord147

ole32

CoInitialize
CoUninitialize

iertutil

ord31
ord58
ord44
ord9
ord46
ord650
ord163
ord74
ord85
ord81
ord79
ord32
ord325
ord42

urlmon

ord104
ord111
ord410

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ngaut
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21ce449bac952d12788282110fbde738

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shlwapi

shell32

ole32

iertutil

urlmon

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 604KB - Virtual size: 604KB

.reloc Size: 3KB - Virtual size: 2KB

.ngaut Size: 4KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 604KB - Virtual size: 604KB

.reloc
Size: 3KB - Virtual size: 2KB

.ngaut
Size: 4KB - Virtual size: 4KB